CVE-2016-2922
3.7
CVSS:3.0/A:N/AC:H/AV:N/C:L/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O
Summary
IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Rational ClearQuest | 8.0 | affected |
| IBM | Rational ClearQuest | 8.0.0.1 | affected |
| IBM | Rational ClearQuest | 8.0.0.2 | affected |
| IBM | Rational ClearQuest | 8.0.0.3 | affected |
| IBM | Rational ClearQuest | 8.0.0.4 | affected |
| IBM | Rational ClearQuest | 8.0.0.5 | affected |
| IBM | Rational ClearQuest | 8.0.0.6 | affected |
| IBM | Rational ClearQuest | 8.0.0.7 | affected |
| IBM | Rational ClearQuest | 8.0.1 | affected |
| IBM | Rational ClearQuest | 8.0.0.8 | affected |
| IBM | Rational ClearQuest | 8.0.1.1 | affected |
| IBM | Rational ClearQuest | 8.0.0.9 | affected |
| IBM | Rational ClearQuest | 8.0.0.10 | affected |
| IBM | Rational ClearQuest | 8.0.0.11 | affected |
| IBM | Rational ClearQuest | 8.0.1.2 | affected |
| IBM | Rational ClearQuest | 8.0.1.3 | affected |
| IBM | Rational ClearQuest | 8.0.1.4 | affected |
| IBM | Rational ClearQuest | 8.0.0.12 | affected |
| IBM | Rational ClearQuest | 8.0.1.5 | affected |
| IBM | Rational ClearQuest | 8.0.0.13 | affected |
| IBM | Rational ClearQuest | 8.0.1.6 | affected |
| IBM | Rational ClearQuest | 8.0.0.14 | affected |
| IBM | Rational ClearQuest | 8.0.1.7 | affected |
| IBM | Rational ClearQuest | 8.0.0.15 | affected |
| IBM | Rational ClearQuest | 8.0.1.8 | affected |
| IBM | Rational ClearQuest | 8.0.0.16 | affected |
| IBM | Rational ClearQuest | 8.0.1.9 | affected |
| IBM | Rational ClearQuest | 8.0.0.17 | affected |
| IBM | Rational ClearQuest | 8.0.1.10 | affected |
| IBM | Rational ClearQuest | 8.0.0.18 | affected |
| IBM | Rational ClearQuest | 8.0.1.11 | affected |
| IBM | Rational ClearQuest | 9.0 | affected |
| IBM | Rational ClearQuest | 9.0.0.1 | affected |
| IBM | Rational ClearQuest | 8.0.0.19 | affected |
| IBM | Rational ClearQuest | 8.0.1.12 | affected |
| IBM | Rational ClearQuest | 9.0.0.2 | affected |
| IBM | Rational ClearQuest | 8.0.0.20 | affected |
| IBM | Rational ClearQuest | 8.0.1.13 | affected |
| IBM | Rational ClearQuest | 9.0.0.3 | affected |
| IBM | Rational ClearQuest | 8.0.0.21 | affected |
| IBM | Rational ClearQuest | 8.0.1.14 | affected |
| IBM | Rational ClearQuest | 9.0.0.4 | affected |
| IBM | Rational ClearQuest | 9.0.1 | affected |
| IBM | Rational ClearQuest | 8.0.1.15 | affected |
| IBM | Rational ClearQuest | 9.0.0.5 | affected |
| IBM | Rational ClearQuest | 9.0.1.1 | affected |
| IBM | Rational ClearQuest | 8.0.1.16 | affected |
| IBM | Rational ClearQuest | 9.0.0.6 | affected |
| IBM | Rational ClearQuest | 9.0.1.2 | affected |
| IBM | Rational ClearQuest | 8.0.1.17 | affected |
| IBM | Rational ClearQuest | 9.0.1.3 | affected |
Weaknesses
- Obtain Information
ADP Enrichment
CVE Program Container
Additional References
- https://www.ibm.com/support/docview.wss?uid=ibm10718377
- https://exchange.xforce.ibmcloud.com/vulnerabilities/113353
References
- https://www.ibm.com/support/docview.wss?uid=ibm10718377
- https://exchange.xforce.ibmcloud.com/vulnerabilities/113353
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.